Up to [local] / src / usr.bin / ssh
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: OPENBSD_7_0
Revision 1.69 / (download) - annotate - [select for diffs], Sun Aug 29 23:53:10 2021 UTC (2 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.68: +2 -4 lines
Diff to previous 1.68 (colored)
After years of forewarning, disable the RSA/SHA-1 signature algorithm by default. It is feasible to create colliding SHA1 hashes, so we need to deprecate its use. RSA/SHA-256/512 remains available and will be transparently selected instead of RSA/SHA1 for most SSH servers released in the last five+ years. There is no need to regenerate RSA keys. The use of RSA/SHA1 can be re-enabled by adding "ssh-rsa" to the PubkeyAcceptedAlgorithms directives on the client and server. ok dtucker deraadt